Pakistan Bans Encryption 351
An anonymous reader writes "After some rumors of this last month, Pakistan has now officially told all of the country's ISPs that they need to block all encrypted VPNs since content running over such services cannot be monitored by the government."
awesome (Score:3, Insightful)
Dear Pakistan (Score:5, Insightful)
Save yourselves some money and some bother, and just disconnect yourselves from the internet! That way you'll be Safe (tm).
This has just prevented pretty much anyone who works for a Fortune 500 company from doing anything in Pakistan on company laptops. I dunno, maybe that's a good thing? I can imagine that now more than one "elected official" will point to Pakistan as a shining example to follow (just like what happened earlier with RIM and the Blackberry in India and Saudi Arabia and later everywhere) and VPNs will no longer be allowed because of course they could be the tools of terrorists. Damn, why did I have to wake up in this parallel universe 10 years ago.
Re:good luck with that (Score:5, Insightful)
Yeah, this is pretty much an unwinnable arms race. No matter how much deep packet inspection brute-force they want to employ - If they allow any protocols at all to run unrestricted, it'll be possible to tunnel data over it. Hell, give me an ICMP-only network and I'll encode data payloads into the TTL numbers.
Pakistan is gonna have to cut off its Internet backbones entirely if it's serious about shutting down encrypted communication.
And the rest? (Score:5, Insightful)
What about digital signatures?
eCommerce using SSL?
Password-protected files?
OS passwords?
Re:Security concerns (Score:4, Insightful)
"War" can be so convenient.
Re:Security concerns (Score:4, Insightful)
What an opportunity... (Score:5, Insightful)
Re:What an opportunity... (Score:2, Insightful)
Crack what? Just listen!
Re:Question (Score:3, Insightful)
How can one detect if a packet is encrypted? How do you distinguish unencrypted binary data from encrypted binary data?
Theoretically, you should not be able to distinguish encrypted bits from random data. Unfortunately, people almost never send megabytes of uniformly random bits to each other, and I doubt that the Pakistani courts are going to believe your claim that you were doing such a thing. You might claim that you were sending compressed data (which may also appear to be random), but then the courts are going to ask you how it was compressed, so that they can decompress it -- and when you tell them "LZMA" and they get random bits, they are going to throw you in prison.
Re:Question (Score:5, Insightful)
Government: "What are you doing sending this encrypted data?!"
Citizen: "Encrypted?! That's just random bits that I was sending to my friend in America!"
Government: "Oh, never mind then. It's not like we have any reason to think that you would not be sending random bits to someone in America!"
Re:good luck with that (Score:4, Insightful)
Actually, this is just the next step in the arms race.
The first generation were the firewalls. The sophistication has gone from just blind IP blackholes to active MITM attacks, changing posts in midstream.
Now, because of VPNs, the next step is to ban them, and then arresting anyone who might have any traffic out of the ordinary. With anti-VPN laws, a government can vacuum up people for "suspect packets".
This is just what a government will do when they realize people VPN around their surveillance/censorship controls. Pakistan is the first to implement this, but I am sure they will be the last.
It is only a matter of time before we see anti-VPN laws being passed, just like we see national firewalls sprouting up.
Re:Hrrm.. (Score:4, Insightful)
I smell a revolution brewing.
So do they. That's why they're putting the ban in place.
Re:Question (Score:4, Insightful)
DING! Rubber hose decryption is quick and effective in almost every case. This law is not about providing a technical means to stop encryption. Its purpose is to turn the targeted users into criminals. Much like the DMCA in the US.
Re:Oh dear God I hope so. (Score:2, Insightful)
... your speed limits are an offense to every thinking human ...
Except those who have lost loved ones to motor vehicles travelling over the speed limit. Believe it or not, some regulation is actually there to preserve human life and health. Would you abolish environmental protection agencies also?
Yes, I know it's off topic.